IT Security Assessments Process Of Matching Security Essay

IT Security Assessments (the process of matching security policies against the architecture of a system in order to measure compliance)

A systems security assessment is the method of creating a security policy that is complementary to the architecture of the system, in a way that allows compliance to be measured. Security assessments are activities that belong to the design phase of the life cycle, because it is very difficult to assess the risk of a system that is already operating. Assessing risk alone does not complete the process: costs, the type of security architecture and many other necessities that lie outside the actual security measures must be considered, because they all come into play. (Ramachandran, 2002) There is also the complexity of the networks themselves to consider. Modern internet-based systems have created hybrid network configurations that bring problems of scalability. One type of hybrid network is the integration of mobile wireless networks with the internet.

The primary network in the case of the internet and other networking is the grid. It is defined as a combination of hardware and software infrastructure that provides a platform for dependable, consistent and inexpensive access to high-end computing capabilities. Resources are thus shared, and the types of grids are cluster, enterprise and global grids. (Merkow; Breithaupt, 2005) While the grid as a whole may be given a security system, each administrative domain must also have its own protocol, suited to its type, that also integrates with the grid. Certification of the domains, as with GSI and X.509 certificates, was the earliest known solution for authentication. (Douligeris; Serpanos, 2007)

The system thus incorporated is the basis of secure layered protocols for different types of communication. When LANs and the internet went worldwide, grid security had to be reconsidered. The second type of grid uses stand-alone mobile networks together with infrastructure wireless networks; this can be seen in the merging of cellular and wireless networks, a type of hybrid network where cellular features are mixed with ad hoc connectivity to create a composite network that carries both sets of features. (Belding-Royer; Agha; Pujolle, 2005)

In any case, network device security is the most important part of any security infrastructure. Growing networks and the inclusion of ever more networked devices have increased the number of nodes, most of which are not amenable to high-security protocols; printers, for example, where network-enabled, have insecure default configurations. Most security problems begin with the routers, which are the first devices targeted in an attack. Compromise of these devices weakens the entire network infrastructure or gives attackers a way to mount man-in-the-middle attacks, which may include rerouting traffic, information gathering and denial of service. (Andress, 2003) There are many criteria for the analysis of the security scenario.

Security Assessment

The problems of security began with the expansion of networking. At the beginning of the millennium the growth in demand for networks was huge, and the system relied on packet-switched data communications networks based on the "protocol layering" concept, that is, rules or protocols used in a stack fashion, and on what was defined as the "end-to-end network"; both of these created the internet. The main element in this system is the IP address, which is found in the "logical layers and the modern use of network protocols centered on the IP address." (Whitt, 2004)

In networking the emphasis is always on the 'Network Layers.' The modern network thus consists of many additional features, including wireless transmissions, telephony, the internet and mobile networks. The amalgamation of all these services in a single device, such as a mobile phone, has caused vast changes in the way operations are carried out in the communication sector. The first method is the use of the 'Federal Information Technology Security Assessment Framework' championed by the 'National Institute of Standards and Technology -- NIST'; this method supports the security assessment by evaluating the threats against, and the vulnerabilities within, the assets of the system. It is also used to certify all implemented security controls as adequate, or with other grades such as 'completely secure' or 'meeting acceptable levels of risk' and so on. (Ramachandran, 2002)

Other Methods

The 'Common Criteria Testing Laboratories' base their system on the end user, whose requirements determine the nature of the security proposed...

The Common Criteria have a set of validities that form the fundamental directives contained in the protection profile. The role of evaluation is to test the premises of the developer and discover potential security threats. Thus the claims made by the developer are tested and evaluated, and the end user can be satisfied about the outcome. The 'Common Criteria' deal with information that is stored and used with multiple hardware and software components. The assurance is that the system is designed so that there is higher security and trust. This involves the selection of individual IT products, such as operating systems, browsers, other software and hardware, all of which must be critically evaluated, either as a whole or component by component, so that the evaluations serve as the basis for future use of the component in identical situations and it can be claimed to be robust. The result is that evaluated components can be assembled into a trustworthy system. (Merkow; Breithaupt, 2005)

Today the security scenario is changing. For example, banking services and sensitive interactions occur through wireless service networks. Mobile banking and WAP services are offered to banks, and now "downloads" or "applications" are supported on mobiles in the U.S. The tally is that over fifteen percent of banking customers use mobile services for transactions. The most vital aspect to be considered is security, especially data packet security and authentication. (Merkow; Breithaupt, 2005) In general there are many protocols implemented, and many proposals have grown with the need for various services. That is where security evaluation plays a great role.

Major Methods

These criteria are met in the international protocol called the TSEC, where the evaluation begins with the network concept itself. In the TSEC each component is thus evaluated individually against the TSEC rating system, from Division D, which has minimal protection, up to class C2, controlled protection, with many intermediate classes in between, where C stands for discretionary protection, C1 for discretionary security protection, C2 for controlled access and object reuse protection, and so on. (Contesti; Andre; Waxvik; Henry; Goins, 2007)

There cannot be any change to these basic concepts in the model, and the changes that the 'International Common Criteria' for information technology security evaluation have brought in do not affect existing systems, because by verifying the certification of the components used it can be seen whether the system is robust. It also states whether the system is adequate for the network security required, e.g. more for a bank, less for a library. In this system the NIST Security Assessment Framework described in [NIST00] is the ideal solution for most types of security networks, because the method consists of multiple modules that provide security for all aspects of the network. (Ramachandran, 2002)

The five levels begin with establishing a documented security policy to cover all aspects of security management. This incorporates the details of all methods and procedures, the methods of operation, the collection of procedures, the exact technology to be used, which may include hardware, software and vendor criteria, and the goals set for the implementation of the security. The second level of NIST00 is where the process for implementing the security is created and the procedures are properly documented. Following this, at Level 3, stock is taken of the already implemented or existing systems and controls that can be used in the process, or of those systems for which the organization must ensure its security procedures are implemented. (Ramachandran, 2002)

The important element is the method of making the end user proficient in handling the system procedures and understanding the safety protocols and procedures; this calls for some level of security skills, which must meet an assessment, and any deficient training needs are documented. Going further, in Level 4 the final test and review of all the procedures and controls is done. There are regression procedures for testing security in the presence of system evolution, and from here the final level, Level 5, is reached, where 'Fully Integrated Procedures and Controls' are seen to become viable. In other words, the system at this stage has implemented security controls and external security resources that completely protect the system architecture. (Ramachandran, 2002) The economics of the system are shown by the Security Assessment, which shows dependencies and the method of regression testing of security as the…
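As an added illustration of the five cumulative levels just described (example code written for this page, not drawn from Ramachandran or from NIST), the following Python matches a policy's required level per control against the evidence gathered for an architecture and applies the regression rule that system evolution invalidates test evidence. All control names, evidence flags and the two policies are constructed assumptions.

```python
"""Added example, not from the essay: the five cumulative levels of the NIST
Federal IT Security Assessment Framework modelled as a policy-versus-
architecture compliance check. All control names and evidence are constructed."""
from dataclasses import dataclass

@dataclass
class ControlEvidence:
    policy_documented: bool = False      # level 1: documented security policy
    procedures_documented: bool = False  # level 2: documented procedures
    implemented: bool = False            # level 3: procedures and controls in place
    tested: bool = False                 # level 4: tested and reviewed
    integrated: bool = False             # level 5: fully integrated

    def level(self) -> int:
        """Levels are cumulative: the rating is the longest run of satisfied
        levels starting from level 1, so a gap caps the result."""
        lvl = 0
        for ok in (self.policy_documented, self.procedures_documented,
                   self.implemented, self.tested, self.integrated):
            if not ok:
                break
            lvl += 1
        return lvl

def assess(policy: dict, architecture: dict) -> dict:
    """Match each control the policy requires against the evidence gathered
    for the architecture. A control the system lacks entirely rates level 0."""
    report = {}
    for control, required in policy.items():
        achieved = architecture.get(control, ControlEvidence()).level()
        report[control] = (achieved, required, achieved >= required)
    return report

def is_compliant(report: dict) -> bool:
    return all(ok for _, _, ok in report.values())

def component_changed(architecture: dict, control: str) -> None:
    """Regression rule from the framework: after system evolution the test
    evidence is stale, so the control falls back to level 3 until re-tested."""
    architecture[control].tested = False
    architecture[control].integrated = False

# Constructed evidence for two router-facing controls, and two policies that
# differ in strictness (the essay's "more for a bank, less for a library").
ARCH = {
    "device_authentication": ControlEvidence(True, True, True, True, True),
    "packet_encryption": ControlEvidence(True, True, True, False, False),
}
LIBRARY_POLICY = {"device_authentication": 3, "packet_encryption": 3}
BANK_POLICY = {"device_authentication": 5, "packet_encryption": 5}
```

Running `assess(BANK_POLICY, ARCH)` shows the same evidence that satisfies the library policy failing the bank policy on `packet_encryption`, and `component_changed` shows a fully integrated control dropping back to Level 3 until its tests are repeated.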

References

Belding-Royer, Elizabeth M.; Agha, Khaldoun A.; Pujolle, G. (2005) "Mobile and wireless communication networks." Springer.

Chakrabarti, Anirban. (2007) "Grid computing security." Springer.

Merkow, Mark S.; Breithaupt, Jim. (2005) "Computer security assurance using the common criteria." Thomas Delmar Learning.